Script include that generates a temporary password for
use during the reset process.

Note: If you select the
Enforce history policy check
box, then you must specify a value for
Auto-generate
password.

Enforce history policy

Note: This option appears only if you select a credential
store Type of AD
Credential Store.

To enforce the
history policy that is configured for the credential
store:

Select the Enforce history
policy check box.

Follow the procedure that appears after this
table.

Note: Active Directory domains can be configured to
include a history policy that ensures that users do not
reuse passwords. For example, the history policy might
be configured to not allow the user to reuse any of the
previous three passwords when resetting a
password.

Hostname

URL or IP address of the credential store that contains
the user credential (for example, user names and
passwords).

Text that appears on the password reset page to help the
user to create a password that meets all requirements. The
Password rule script enforces the
requirements.

Note: The Password Reset Windows Application supports newline characters in the hint. Other
formatting is not supported (bold, underline, hyperlink,
and so on).

Password rule

Client script that validates the password that the user
enters. The script is invoked when the user enters a new
password and clicks Password Reset. You can use the script to enforce password
strength/complexity requirements.

Enable Password Strength

Select the check box to:

Display the text box for the Strength
rule script so you can update the
script.

Display the graphical Password
Strength bar to the user while the
user changes or resets the password.

Note: The Password Reset Windows Application does not support Password Strength.

Strength rule

This text box appears only if you select Enable
Password Strength.

Note: The Password Reset Windows Application does not support Password Strength.

Client
script that calculates the strength/complexity of the
password that the user enters. The script is invoked when
the user begins to enter a new password during the reset
process.

Default settings:

Selected for local ServiceNow credential stores

Not selected for other credential stores

Note:

To guide the user during the reset process, the system
displays a graphical bar labeled Password
Strength under the New
password field.

Click Submit.

The connection is created. You should test the connection to a
credential store after you configure a new credential store or when users
experience problems that might involve the connection.

Navigate to Password Reset > Credential Stores and then open the credential store.

In the header bar, click Save and Test
Connection.

A progress page displays the result of the test.

What to do next

If you selected the Enforce history policy check box, then
follow these steps:

On the Details tab of the Password Reset Process
form, clear the Auto-generate password check box and then
save the process definition.

On the domain controller, set Password Aging (MIN_PASSWORD_AGE) to
zero.

On the domain controller, set the history policy to twice the desired number of
passwords. For example, to enforce that the last three passwords are not
repeated, set the history policy to six.

Note: To enforce the history policy
that is configured for the credential store, the system auto-generates a new
temporary password for each reset cycle. The system auto-generates the
temporary password even though you have cleared the Auto-generate
password check box on the Password Reset Process
form. Because the user immediately replaces the temporary password with a
new password, two passwords are created for each reset cycle.